I recently saw the game called "Bongo Cat" on Steam which monitors yours keystrokes and accordingly plays the bongo drums. I saw that it was not working properly on Wayland because it does not allow the game to record keystrokes from other apps.
This got me thinking; how does ~~Steam~~ Valve protect us from malware? I was searching for "steam games malware" on DDG and found out that there were a few incidents regarding this. I understand that Steam probably has a robust mechanism for understanding game behavior but it's kind of a black-box for us.
Is there any independent vulnerability checker for games? How paranoid should one be before downloading games from steam?
PS: I know that as Linux users, most attack vectors don't work for us but it's good to be aware just in case.
Edit: I need to clarify. I know Steam is just a game-launcher, it's not supposed to protect the user after the game is installed. I meant to say how does Valve protect the user from malicious games? Is their mechanism known?
I did not know Wayland did this. That's awesome.
Yeah, Wayland has a lot of security related things that makes your previous solutions not work. X11 was open and allowed you to do anything, but Wayland is secure, and we trade convenience for security.
Communication with other applications and system wide monitoring was easy for scripts in x11.
There's actually a keylogging attack for Wayland, which is an
LD_PRELOADvulnerability that can be exploited. I wonder if that attack is still viable.